I saw an email posted to one other Listserve that concerned me and I checked it
out a bit.
The subject line was "Here you have". The body of the message contained two
lines. One line was poorly constructed English. The second line contained a URL
that allegedly linked to a document. When you mouseover the URL, you can see
that the actual URL is different from what was printed in the message. That URL
links to a file that is not a PDF, but has a filename ending in "PDF.SCR". If
you were to click on that URL, you would execute malicious code on your
computer. The code would also attempt to propagate itself by emailing people in
your address books. Most antivirus products would not catch this exploit,
although some did and most now are being updated.
If you have received this email AND if you have clicked the URL, you may have an
ongoing malware infection.
For more information see:
http://www.avertlabs.com/research/blog/index.php/2010/09/09/widespread-reporting-of-here-you-have-virus/
Also: http://isc.sans.edu/diary.html?storyid=9529
As always, folks, pay attention to what you are sent in email. If the language
doesn't look right, it is probably something evil. Always, always, always roll
your mouse over a URL before you click on the URL. If the previewed URL (in
Internet Explorer, at the bottom of the IE window) does not match what is typed
in the message, do not click the link. You'll always see this when a hacker
sends you a message purportedly from your financial institution. In addition,
check for updates for your computer and all software that you use and make sure
that your antivirus software updates automatically.
At present, it appears that the first round of this virus has been killed off,
but there are likely quite a few infected machines out there. You can expect
several rounds of similar types of messages as the machines that aren't
disinfected get updates from the hacker's command and control servers. Odds are,
this thing will take a while to kill off, although the hackers didn't appear to
be very sophisticated to start.
Patrick Cunningham, CRM, FAI
"Perpetual optimism is a force multiplier."
-- Colin Powell
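
The two checks described in the message (a displayed URL that does not match the real link target, and a target whose name looks like a document but ends in an executable extension such as "PDF.SCR") can be automated for HTML mail. The following is an added example, not part of the original message; the extension lists, the function names and the sample body with its example.* domains are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Assumed lists for this sketch; neither is exhaustive.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DOC_HINTS = ("pdf", "doc", "xls", "txt", "jpg")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _key(url):
    """Host and path of a URL, normalised for comparison."""
    parts = urlparse(url if "://" in url else "http://" + url)
    return parts.netloc.lower(), parts.path.rstrip("/")

def check_links(html_body):
    """Return [(href, [reasons])] for links a reader should not click."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        reasons = []
        # Compare only when the visible text itself looks like a URL.
        if "." in _key(text)[0] and " " not in text and _key(text) != _key(href):
            reasons.append("displayed URL differs from actual target")
        name = posixpath.basename(urlparse(href).path).lower()
        stem, ext = posixpath.splitext(name)
        if ext in EXECUTABLE_EXTS:
            reasons.append("target is an executable file type")
            if stem.endswith(DOC_HINTS):
                reasons.append("document-style name hides the real extension")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message body (example domains, not taken from the incident).
SAMPLE = ('<p>Here is the document.</p>'
          '<a href="http://files.example.net/docs/report_PDF.scr">'
          'http://www.example.com/library/report.pdf</a> '
          '<a href="http://www.example.org/help">http://www.example.org/help</a> '
          '<a href="http://www.example.org/about">About us</a>')
```

Calling check_links(SAMPLE) reports only the first link, with all three reasons; the two benign links pass.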